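<?php
// NOTE(review): the database credentials are hard-coded in a web-served source
// file and the password is weak. Load them from configuration kept outside the
// document root (or from the environment) and rotate this password.
$server = 'localhost';
$user = 'apcvote_voter@localhost';
$pass = '123qwe';
$db = 'apcvote_apcvote';
session_start(); //Starts the session in php
//Things that this will do:
//1. Check if user has logged in - Case1
//2. Check if the login is proper - Case2
//3. Don't go anywhere if login is improper or user has not logged in anymore
//   or has logged out - Case3

// Defaults for the "not logged in" path, so the later sections of this page
// never read an undefined $case or $userNum.
$case = "case3";
$userNum = '';

if(isset($_SESSION['userNum'])){
	// Case1: a previous request already authenticated this session.
	$case = "case1";
	$userNum = $_SESSION['userNum'];
}else{
	// The login fields are absent on a first visit or after logout, and a
	// crafted request can send arrays instead of strings; treat both as empty.
	$postedNum = (isset($_POST['uname']) && is_string($_POST['uname'])) ? trim($_POST['uname']) : '';
	$postedPass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

	// The voter number is kept in the session and reused in SQL further down
	// the page, so only a digits-only value is ever accepted. checkLogin() is
	// not called at all when either field is missing.
	if($postedNum !== '' && ctype_digit($postedNum) && $postedPass !== ''
		&& checkLogin($postedNum,$postedPass,$server,$user,$pass,$db) === "True"){
		// Case2: issue a fresh session id on login so an id that was known
		// before authentication cannot be reused (session fixation).
		if(!headers_sent()){
			session_regenerate_id(true);
		}
		$_SESSION['userNum'] = $postedNum;
		$userNum = $postedNum;
		$case = "case2";
	}
	// Otherwise $case stays "case3" and the login form is shown.
}

if($case != "case3"){
	insertAllInfoToSessions($userNum,$server,$user,$pass,$db);// Insert all voter info to session variables
	// NOTE(review): this copies the database credentials into the session
	// store. It is kept because other pages may read these keys (not visible
	// here); prefer a shared server-side config include and then drop them.
	$_SESSION['server'] = $server;
	$_SESSION['user'] = $user;
	$_SESSION['pass'] = $pass;
	$_SESSION['db'] = $db;
}
?>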
<html>
<head>
<title>
<?php
	// Authenticated visitors (case1 or case2) get the welcome title;
	// anyone else gets the login title.
	$isAuthenticated = in_array($case, array("case1", "case2"));
	echo $isAuthenticated ? "Welcome to APC Voting System" : "Login in to APC Voting System";
?>
</title>
<style type="text/css">
.style1 {
	border-collapse: collapse;
}
.style2 {
	border-collapse: collapse;
	background-image: url('images/bg.png');
}
a {
	color: #FFFFFF;
}
</style>
</head>
<body>
<font face = "Arial">
<table style="width: 810px; height: 104px" border="0" cellspacing="0" cellpadding="0" class="style1">
<tr>
<td colspan="6" style="height: 104px">
<img src="images\header.png"></td>
</tr>
</table>
<table style="width: 810px" background="images\menu.png" cellspacing="0" cellpadding="0">
<tr >
<td style="width: 11px; height: 40px">
&nbsp;</td>
<td style="width: 84px; height: 40px">
<a href="home.php"><img src="images\homeS.png"></a></td>
<td style="width: 84px; height: 40px">
<a href="vote.php"><img src="images\voteS.png"></a></td>
<td style="width: 84px; height: 40px">
<a href="candidates.php"><img src="images\candidateS.png"></a></td>
<td style="width: 84px; height: 40px">
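<?php //Admin button will show for admins, Result button for voters
	// NOTE(review): showing or hiding a menu link is presentation only. The
	// admin and results pages are expected to check the permission themselves
	// (not visible from this file).
	$permission = null;
	// $userNum is only meaningful for a logged-in visitor; skip the lookup otherwise.
	$menuVoterNum = isset($userNum) ? (string) $userNum : '';
	if($menuVoterNum !== ''){
		$menuLink = mysql_connect($server,$user,$pass);
		if($menuLink === false || !mysql_select_db($db, $menuLink)){
			// Keep driver error text in the server log, not in the page.
			error_log('Menu permission lookup: database connection failed: '.mysql_error());
			die('A database error occurred.');
		}
		// The voter number originated from the login form, so it is escaped
		// and quoted before being placed in the statement.
		$checkPermission = mysql_query(
			"SELECT voter_permission from voters where voter_num = '"
			.mysql_real_escape_string($menuVoterNum, $menuLink)."'",
			$menuLink
		);
		if($checkPermission !== false){
			while($row = mysql_fetch_array($checkPermission)){
				$permission = $row['voter_permission']; //Get the permission of user
			}
		}else{
			error_log('Menu permission lookup: query failed: '.mysql_error($menuLink));
		}
	}
	if($permission === 'Admin'){ //If the user is an Administrator
	    echo "<a href='admin.php'><img src='images/adminS.png'></a>";
	}elseif($permission === 'Voter'){ // If the user is a Voter
	    echo "<a href='results.php'><img src='images/resultS.png'></a>";
	}
	// Any other value (or no row): no button is shown.
?>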
</td>
<td style="width: 447px; height: 40px">
</td>
<td style="width: 84px; height: 40px">
<a href="logout.php"><img src="images\logoutS.png"></a></td>
</tr>
</table>
<table style="width: 810px; height: 73px" cellspacing="0" cellpadding="0" class="style2">
<tr>
<td style="height: 76px; width: 28px;"></td>
<td style="height: 76px" width="808px">
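<?php
//Check the case based from the steps taken above
if($case == "case1" || $case == "case2"){
	// case1: session from an earlier request. case2: login verified by
	// checkLogin() in this request. Both show the same voter record, looked up
	// by the voter number only; the submitted password is not sent to the
	// database a second time.
	$contentLink = mysql_connect($server,$user,$pass);
	if($contentLink === false || !mysql_select_db($db, $contentLink)){
		// Keep driver error text in the server log, not in the page.
		error_log('Voter welcome panel: database connection failed: '.mysql_error());
		die('A database error occurred.');
	}
	// The voter number originated from the login form: escape and quote it.
	$result = mysql_query(
		"SELECT * FROM voters where voter_num = '"
		.mysql_real_escape_string((string) $userNum, $contentLink)."'",
		$contentLink
	);
	if($result === false){
		error_log('Voter welcome panel: query failed: '.mysql_error($contentLink));
		die('A database error occurred.');
	}
	while($row = mysql_fetch_array( $result )){ //Show information
		// Database values are HTML-escaped before output so a stored name
		// containing markup is shown as text. Charset follows the PHP default.
		$firstName = htmlspecialchars($row['voter_fname'], ENT_QUOTES);
		$lastName = htmlspecialchars($row['voter_lname'], ENT_QUOTES);
		$voterNumber = htmlspecialchars($row['voter_num'], ENT_QUOTES);
		$accountType = htmlspecialchars($row['voter_permission'], ENT_QUOTES);

		echo "<br><h2>Welcome ".$firstName." ".$lastName."</h2>";
		echo "This is the APC voting system<br>";
		echo "You can view the candidates in the Candidates page<br>";
		echo "or you can vote already in the Vote page<br>";
		echo "<br><br><br><strong>Voter Information</strong><br>";
		echo "<font size = '2px'>";
		echo "Voter Number: ".$voterNumber;
		echo "<br>Account Type: ".$accountType;
		echo "</font>"; // was left unclosed on the case1 path
	}
}
if($case == "case3"){ //User logged out, or user is not logged in already
		echo "<br><h2> Please login here </h2>";
		echo "<form action='home.php' method='POST'>";
		echo "<table><tr>";
		echo "<td>Voter Number:</td> <td><input type='text' name='uname' size='30'></td></tr><tr>";
		echo "<td>Password: </td><td><input name = 'password' type = 'Password' Size = '30'></td></tr><tr>";
		echo "<td></td><td><input type='submit' value='Login' align='right'></td>";
		echo "</tr></table></form>";
}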
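/**
 * Check a voter number / password pair against the voters table.
 *
 * Returns the string "True" when a matching row exists and the string "False"
 * otherwise (callers compare against these strings). Input that cannot be a
 * valid login (non-scalar, empty, non-digit or below 1 voter number, empty
 * password) is rejected before any database access. Nothing is written to the
 * page; a database failure is logged server-side and ends the request with a
 * generic message.
 *
 * NOTE(review): voter_pass is compared with the value as typed, which suggests
 * passwords are stored in plaintext; confirm against the schema and migrate to
 * password_hash()/password_verify().
 *
 * @param mixed  $userNumber input voter number
 * @param mixed  $userPass   input password
 * @param string $sver       database server
 * @param string $usr        database user
 * @param string $passwd     database password
 * @param string $dbase      database name
 * @return string "True" or "False"
 */
function checkLogin($userNumber,$userPass,$sver,$usr,$passwd,$dbase){
	// Form fields can arrive as arrays or be missing entirely.
	if(!is_scalar($userNumber) || !is_scalar($userPass)){
		return "False";
	}
	$userNumber = trim((string) $userNumber);
	$userPass = (string) $userPass;

	// Reject instead of substituting placeholder credentials, which could
	// match a real row. Voter numbers are digits-only and start at 1.
	if($userNumber === '' || !ctype_digit($userNumber) || (int) $userNumber < 1 || $userPass === ''){
		return "False";
	}

	$link = mysql_connect($sver,$usr,$passwd);
	if($link === false || !mysql_select_db($dbase, $link)){
		// Keep driver error text in the server log, not in the page.
		error_log('checkLogin: database connection failed: '.mysql_error());
		die('A database error occurred.');
	}

	// Both values are escaped and quoted so they are always treated as data.
	$result = mysql_query(
		"SELECT voter_num FROM voters where voter_num = '"
		.mysql_real_escape_string($userNumber, $link)
		."' AND voter_pass = '"
		.mysql_real_escape_string($userPass, $link)."'",
		$link
	);
	if($result === false){
		error_log('checkLogin: query failed: '.mysql_error($link));
		die('A database error occurred.');
	}

	// No matching row means the login is wrong; always return a string.
	return (mysql_num_rows($result) > 0) ? "True" : "False";
}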

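/**
 * Copy a voter's permission, last name and first name from the voters table
 * into $_SESSION so other pages can read them.
 *
 * The session is left untouched when no row matches or the query fails. A
 * connection failure is logged server-side and ends the request with a
 * generic message.
 *
 * @param mixed  $userNumber voter number to look up
 * @param string $sver       database server
 * @param string $usr        database user
 * @param string $passwd     database password
 * @param string $dbase      database name
 * @return void
 */
function insertAllInfoToSessions($userNumber,$sver,$usr,$passwd,$dbase){
	$link = mysql_connect($sver,$usr,$passwd);
	if($link === false || !mysql_select_db($dbase, $link)){
		// Keep driver error text in the server log, not in the page.
		error_log('insertAllInfoToSessions: database connection failed: '.mysql_error());
		die('A database error occurred.');
	}

	// The voter number originated from the login form: escape it before it
	// goes inside the quoted literal.
	$info = mysql_query(
		"Select * from voters where voter_num = '"
		.mysql_real_escape_string((string) $userNumber, $link)."'",
		$link
	);
	if($info === false){
		error_log('insertAllInfoToSessions: query failed: '.mysql_error($link));
		return;
	}

	while($infoLine = mysql_fetch_array($info)){
		$_SESSION['voter_permission'] = $infoLine['voter_permission'];
		$_SESSION['voter_lname'] = $infoLine['voter_lname'];
		$_SESSION['voter_fname'] = $infoLine['voter_fname'];
	}
}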
?>
</td>
</tr>
<tr>
<td width="8px" colspan="2"><img src="images\end.png"></td>
</tr>
</table>
</body>
</html>
